Posted to commits@directory.apache.org by ak...@apache.org on 2004/12/06 07:30:21 UTC
svn commit: r109953 - in incubator/directory/eve/trunk/jndi-provider/src: java/org/apache/eve java/org/apache/eve/jndi java/org/apache/eve/jndi/ibs test/org/apache/eve/jndi
Author: akarasulu
Date: Sun Dec 5 22:30:20 2004
New Revision: 109953
URL: http://svn.apache.org/viewcvs?view=rev&rev=109953
Log:
Changes ...
o reimplemented authentication functionality to be really simple
- uid=admin,ou=system is the super-user with password secret on 1st start
- admin must change passwd afterwards
- no defaults all is simple
- users that have a userPassword can authenticate: try example non-super-user
uid=akarasulu,ou=users,ou=system
o corrected some dependent functionality in authorization module
o cleaned up in general
o removed all test functionality that depended on system pw being set
Notes:
o I was sloppy - somebody should cleanup all the constants and start using
the constant for passwd for example rather than "secret"
Modified:
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java Sun Dec 5 22:30:20 2004
@@ -43,12 +43,14 @@
{
/** the default user principal or DN */
public final static String ADMIN_PRINCIPAL = "uid=admin,ou=system";
+ /** the admin super user uid */
+ public final static String ADMIN_UID = "admin";
+ /** the initial admin passwd set on startup */
+ public static final byte[] ADMIN_PW = "secret".getBytes();
/** the base dn under which all users reside */
public final static String USERS_BASE_DN = "ou=users,ou=system";
/** the base dn under which all groups reside */
public final static String GROUPS_BASE_DN = "ou=groups,ou=system";
- /** the admin super user uid */
- public final static String ADMIN_UID = "admin";
/**
* System backend suffix constant. Should be kept down to a single Dn name
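Review bot: `ADMIN_PW` is a `public static final byte[]`, so the reference is fixed but the bytes are not: any class can overwrite the array in place, and the EveContextFactory hunk in this commit hands this same array to the admin entry's `userPassword` attribute. Keep the array private and expose copies, or at minimum pass `SystemPartition.ADMIN_PW.clone()` at the call site. `"secret".getBytes()` also relies on the platform default charset; naming the charset would make the stored bytes independent of JVM locale settings. The class body starts before and continues after this hunk.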
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/AuthenticationService.java Sun Dec 5 22:30:20 2004
@@ -17,21 +17,17 @@
package org.apache.eve.jndi;
-import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.Attribute;
import org.apache.eve.RootNexus;
-import org.apache.eve.SystemPartition;
import org.apache.eve.auth.LdapPrincipal;
import org.apache.ldap.common.exception.*;
import org.apache.ldap.common.message.ResultCodeEnum;
import org.apache.ldap.common.util.ArrayUtils;
import org.apache.ldap.common.name.LdapName;
-import org.apache.ldap.common.name.NameComponentNormalizer;
-import org.apache.ldap.common.name.DnParser;
/**
@@ -42,17 +38,17 @@
*/
public class AuthenticationService implements Interceptor
{
-
- private static final String TYPE = Context.SECURITY_AUTHENTICATION;
+ /** short for Context.SECURITY_AUTHENTICATION */
+ private static final String AUTH_TYPE = Context.SECURITY_AUTHENTICATION;
+ /** short for Context.SECURITY_PRINCIPAL */
private static final String PRINCIPAL = Context.SECURITY_PRINCIPAL;
- private static final String ADMIN = SystemPartition.ADMIN_PRINCIPAL;
+ /** short for Context.SECURITY_CREDENTIALS */
+ private static final String CREDS = Context.SECURITY_CREDENTIALS;
/** the root nexus to all database partitions */
private final RootNexus nexus;
/** whether or not to allow anonymous users */
private boolean allowAnonymous = false;
- /** the normalizing DnParser to use while parsing names */
- private final DnParser parser;
/**
@@ -60,49 +56,97 @@
*
* @param nexus the root nexus to access all database partitions
*/
- public AuthenticationService( RootNexus nexus, NameComponentNormalizer normalizer,
- boolean allowAnonymous ) throws NamingException
+ public AuthenticationService( RootNexus nexus, boolean allowAnonymous )
{
this.nexus = nexus;
this.allowAnonymous = allowAnonymous;
- this.parser = new DnParser( normalizer );
}
public void invoke( Invocation invocation ) throws NamingException
{
+ // only handle preinvocation state
if ( invocation.getState() != InvocationStateEnum.PREINVOCATION )
{
return;
}
+ // check if we are already authenticated and if so we return making
+ // sure first that the credentials are not exposed within context
EveContext ctx = ( EveLdapContext ) invocation.getContextStack().peek();
if ( ctx.getPrincipal() != null )
{
- if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
+ if ( ctx.getEnvironment().containsKey( CREDS ) )
{
- ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
+ ctx.removeFromEnvironment( CREDS );
}
return;
}
- String principal = getPrincipal( ctx.getEnvironment() );
+ // check the kind of authentication being performed
+ if ( ctx.getEnvironment().containsKey( AUTH_TYPE ) )
+ {
+ // authentication type can be anything
+
+ String auth = ( String ) ctx.getEnvironment().get( AUTH_TYPE );
+ if ( auth.equalsIgnoreCase( "none" ) )
+ {
+ doAuthNone( ctx );
+ }
+ else if ( auth.equalsIgnoreCase( "simple" ) )
+ {
+ doAuthSimple( ctx );
+ }
+ else
+ {
+ doAuthSasl( ctx );
+ }
+ }
+ else if ( ctx.getEnvironment().containsKey( CREDS ) )
+ {
+ // authentication type is simple here
+ doAuthSimple( ctx );
+ }
+ else
+ {
+ // authentication type is anonymous
+ doAuthNone( ctx );
+ }
+
+ // remove creds so there is no security risk
+ ctx.removeFromEnvironment( CREDS );
+ }
+
+
+ private void doAuthSasl( EveContext ctx ) throws NamingException
+ {
+ ctx.getEnvironment(); // shut's up idea's yellow light
+ ResultCodeEnum rc = ResultCodeEnum.AUTHMETHODNOTSUPPORTED;
+ throw new LdapAuthenticationNotSupportedException( rc );
+ }
+
- if ( principal.length() == 0 )
+ private void doAuthNone( EveContext ctx ) throws NamingException
+ {
+ if ( this.allowAnonymous )
{
if ( allowAnonymous )
{
ctx.setPrincipal( LdapPrincipal.ANONYMOUS );
- return;
}
else
{
throw new LdapNoPermissionException( "Anonymous bind NOT permitted!" );
}
}
+ }
+
+
+ private void doAuthSimple( EveContext ctx ) throws NamingException
+ {
+ Object creds = ctx.getEnvironment().get( CREDS );
- Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS );
if ( creds == null )
{
creds = ArrayUtils.EMPTY_BYTE_ARRAY;
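Review bot: `doAuthNone` no longer rejects anonymous binds when they are disabled: the added `if ( this.allowAnonymous )` wraps the existing if/else, so with `allowAnonymous == false` the method returns without throwing and without setting a principal, and the `LdapNoPermissionException` branch is unreachable. Drop the outer test so the body is the original if/else, or write it as a guard, `if ( ! allowAnonymous ) { throw new LdapNoPermissionException( "Anonymous bind NOT permitted!" ); }` followed by `ctx.setPrincipal( LdapPrincipal.ANONYMOUS );`. What later interceptors do with a null principal is not visible here, so this should be treated as failing open until shown otherwise. The test that exercised this path, `test7BuildDbNoPassNoPrincAuthNoneAnonOff`, is deleted from SimpleAuthenticationTest in this same commit and is worth restoring. `doAuthSimple` continues past the end of this hunk.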
@@ -112,6 +156,21 @@
creds = ( ( String ) creds ).getBytes();
}
+ // let's get the principal now
+ String principal;
+ if ( ! ctx.getEnvironment().containsKey( PRINCIPAL ) )
+ {
+ throw new LdapAuthenticationException();
+ }
+ else
+ {
+ principal = ( String ) ctx.getEnvironment().get( PRINCIPAL );
+ if ( principal == null )
+ {
+ throw new LdapAuthenticationException();
+ }
+ }
+
LdapName principalDn = new LdapName( principal );
Attributes userEntry = nexus.lookup( principalDn );
if ( userEntry == null )
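Review bot: A simple bind that names a principal but carries no credentials is not turned away in `doAuthSimple`: a null credential becomes `ArrayUtils.EMPTY_BYTE_ARRAY` just above this hunk, and the added block only checks that `PRINCIPAL` is present. The password comparison lies outside the hunk, so whether such a bind can succeed depends on the stored `userPassword`; an entry holding an empty value would presumably match. Rejecting zero-length credentials before `nexus.lookup` closes that off regardless of directory contents, with a comment such as `// empty password with a DN is an unauthenticated bind; refuse it`. The `containsKey`/`else` pair can also collapse to one `get` plus the null check, since both branches throw the same exception.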
@@ -139,89 +198,6 @@
throw new LdapAuthenticationException();
}
- synchronized( parser )
- {
- ctx.setPrincipal( new LdapPrincipal( parser.parse( principal ) ) );
- }
-
- // remove creds so there is no security risk
- ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
- }
-
-
- /**
- * Gets the effective principal associated with a JNDI context's environment.
- *
- * @param env the JNDI Context environment
- * @return the effective principal
- * @throws NamingException if certain properties are not present or present
- * in wrong values or present in the wrong combinations
- */
- private String getPrincipal( Hashtable env ) throws NamingException
- {
- if ( "strong".equalsIgnoreCase( ( String ) env.get( TYPE ) ) )
- {
- throw new LdapAuthenticationNotSupportedException( ResultCodeEnum.AUTHMETHODNOTSUPPORTED );
- }
-
- // --------------------------------------------------------------------
- // if both the authtype and principal keys not defined then the
- // princial is set to the admin user for the system
- // --------------------------------------------------------------------
- if ( ! env.containsKey( TYPE ) && ! env.containsKey( PRINCIPAL ) )
- {
- return SystemPartition.ADMIN_PRINCIPAL;
- }
-
- // the authtype is set but the principal is not
- if ( env.containsKey( TYPE ) && ! env.containsKey( PRINCIPAL ) )
- {
- Object val = env.get( TYPE );
-
- // princial is set to the anonymous user if authType is "none"
- if ( "none".equalsIgnoreCase( ( String ) val ) )
- {
- return "";
- }
- // princial is set to the admin user if authType is "simple"
- else if ( "simple".equalsIgnoreCase( ( String ) val ) )
- {
- return ADMIN;
- }
-
- // blow chuncks if we see any other authtype values
- throw new LdapConfigurationException( "Unknown value for property " + TYPE + ": " + val );
- }
-
- // both are set
- if ( env.containsKey( TYPE ) && env.containsKey( PRINCIPAL ) )
- {
- Object val = env.get( TYPE );
-
- // princial is set to the anonymous user if authType is "none"
- if ( "none".equalsIgnoreCase( ( String ) val ) )
- {
- String msg = "Ambiguous configuration: " + TYPE;
- msg += " is set to none and the security principal";
- msg += " is set using " + PRINCIPAL + " as well";
- throw new LdapConfigurationException( msg );
- }
- // princial is set to the admin user if authType is "simple"
- else if ( "simple".equalsIgnoreCase( ( String ) val ) )
- {
- return ( String ) env.get( PRINCIPAL );
- }
-
- // blow chuncks if we see any other authtype values
- throw new LdapConfigurationException( "Unknown value for property " + TYPE + ": " + val );
- }
-
- // we have the principal key so we set that as the value
- if ( env.containsKey( PRINCIPAL ) )
- {
- return ( String ) env.get( PRINCIPAL );
- }
-
- return ADMIN;
+ ctx.setPrincipal( new LdapPrincipal( principalDn ) );
}
}
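Review bot: `ctx.setPrincipal( new LdapPrincipal( principalDn ) )` stores the DN as the client supplied it, whereas the removed code ran the principal through the normalizing `DnParser` first. AuthorizationService compares principals with `dn.toString().equals( principalDn.toString() )` (added in this commit), so a bind DN that differs only in case or spacing may be treated as a different identity; whether `LdapName` or `nexus.lookup` normalizes is not visible here. Either keep a normalization step before building the `LdapPrincipal`, or add a comment at this line stating that the principal is kept un-normalized and that every comparison against it must normalize first. The body of `doAuthSimple` begins in an earlier hunk.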
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java Sun Dec 5 22:30:20 2004
@@ -36,7 +36,6 @@
import org.apache.ldap.common.schema.Normalizer;
import org.apache.ldap.common.message.LockableAttributesImpl;
import org.apache.ldap.common.message.ResultCodeEnum;
-import org.apache.ldap.common.util.ArrayUtils;
import org.apache.ldap.common.util.DateUtils;
import org.apache.ldap.common.util.PropertiesUtils;
import org.apache.ldap.common.ldif.LdifIterator;
@@ -306,21 +305,12 @@
attributes.put( "objectClass", "organizationalPerson" );
attributes.put( "objectClass", "inetOrgPerson" );
attributes.put( "uid", SystemPartition.ADMIN_UID );
+ attributes.put( "userPassword", SystemPartition.ADMIN_PW );
attributes.put( "displayName", "Directory Superuser" );
attributes.put( "creatorsName", ADMIN );
attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
attributes.put( "displayName", "Directory Superuser" );
- if ( initialEnv.containsKey( Context.SECURITY_CREDENTIALS ) )
- {
- attributes.put( "userPassword", initialEnv.get(
- Context.SECURITY_CREDENTIALS ) );
- }
- else
- {
- attributes.put( "userPassword", ArrayUtils.EMPTY_BYTE_ARRAY );
- }
-
nexus.add( ADMIN, ADMIN_NAME, attributes );
return true;
}
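Review bot: Every new installation now gets the same publicly known admin password, and nothing in this hunk enforces the "admin must change passwd" rule from the log message; credentials supplied in `initialEnv` at first start are now ignored as well. Until a forced change exists, the added line deserves a comment such as `// bootstrap password only: well known, must be changed before the server accepts remote binds`. The startup path would also be a natural place to log a warning while the stored `userPassword` still equals the default. The enclosing method starts outside the hunk.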
@@ -430,9 +420,7 @@
InvocationStateEnum.PREINVOCATION
};
boolean allowAnonymous = initialEnv.containsKey( ANONYMOUS_ENV );
- ConcreteNameComponentNormalizer normalizer;
- normalizer = new ConcreteNameComponentNormalizer( globalRegistries.getAttributeTypeRegistry() );
- Interceptor interceptor = new AuthenticationService( nexus, normalizer, allowAnonymous );
+ Interceptor interceptor = new AuthenticationService( nexus, allowAnonymous );
provider.addInterceptor( interceptor, state );
/*
@@ -449,6 +437,9 @@
* interceptor chain.
*/
state = new InvocationStateEnum[]{ InvocationStateEnum.PREINVOCATION };
+ ConcreteNameComponentNormalizer normalizer;
+ AttributeTypeRegistry atr = globalRegistries.getAttributeTypeRegistry();
+ normalizer = new ConcreteNameComponentNormalizer( atr );
interceptor = new AuthorizationService( normalizer, filterService );
provider.addInterceptor( interceptor, state );
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java Sun Dec 5 22:30:20 2004
@@ -336,6 +336,12 @@
{
if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) )
{
+ // allow for self reads
+ if ( dn.toString().equals( principalDn.toString() ) )
+ {
+ return;
+ }
+
String msg = "Access to user account '" + dn + "' not permitted";
msg += " for user '" + principalDn + "'. Only the admin can";
msg += " access user account information";
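Review bot: The self-access exemption is pasted three times (here and in the `GROUP_BASE_DN` and `ADMIN_DN` branches in the next two hunks) and compares `dn.toString()` with `principalDn.toString()`, which only matches when both names happen to be rendered identically. The enclosing method is outside the hunk, so it is not visible whether it guards reads only; if the same check also runs for modify or delete, the early `return` lets a user change their own entry, which the `// allow for self reads` comment does not promise. A single private helper such as `isSelf( dn, principalDn )`, with a Javadoc line stating which operations it is meant to exempt, would keep the three branches consistent. In the `ADMIN_DN` branch the new test can only be true for the admin principal, so it is worth confirming that branch is still reachable for the admin at all.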
@@ -344,6 +350,12 @@
if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN ) )
{
+ // allow for self reads
+ if ( dn.toString().equals( principalDn.toString() ) )
+ {
+ return;
+ }
+
String msg = "Access to group '" + dn + "' not permitted";
msg += " for user '" + principalDn + "'. Only the admin can";
msg += " access group information";
@@ -352,6 +364,12 @@
if ( dn.equals( ADMIN_DN ) )
{
+ // allow for self reads
+ if ( dn.toString().equals( principalDn.toString() ) )
+ {
+ return;
+ }
+
String msg = "Access to admin account not permitted for user '";
msg += principalDn + "'. Only the admin can";
msg += " access admin account information";
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/AbstractJndiTest.java Sun Dec 5 22:30:20 2004
@@ -64,16 +64,14 @@
doDelete( new File( "target" + File.separator + "eve" ) );
extras.put( EveContextFactory.EVE_LDAP_PORT,
- String.valueOf( AvailablePortFinder.getNextAvailable( 1025 ) ) );
+ String.valueOf( AvailablePortFinder.getNextAvailable( 1024 ) ) );
- setSysRoot( "uid=admin,ou=system", "testing" );
+ setSysRoot( "uid=admin,ou=system", "secret" );
}
/**
* Deletes the Eve working directory.
- *
- * @throws IOException if there are failures while deleting.
*/
protected void doDelete( File wkdir )
{
@@ -148,7 +146,7 @@
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
env.put( EveContextFactory.SHUTDOWN_OP_ENV, "" );
env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
- env.put( Context.SECURITY_CREDENTIALS, "testing" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
try { new InitialContext( env ); } catch( Exception e ) {}
sysRoot = null;
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/EveContextFactoryTest.java Sun Dec 5 22:30:20 2004
@@ -108,7 +108,8 @@
{
Hashtable env = new Hashtable();
env.put( Context.PROVIDER_URL, "dc=example" );
- env.put( Context.SECURITY_CREDENTIALS, "testing" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
InitialContext initialContext = new InitialContext( env );
DirContext appRoot = ( DirContext ) initialContext.lookup( "" );
@@ -128,7 +129,8 @@
{
Hashtable env = new Hashtable();
env.put( Context.PROVIDER_URL, "ou=testing" );
- env.put( Context.SECURITY_CREDENTIALS, "testing" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
InitialContext initialContext = new InitialContext( env );
DirContext appRoot = ( DirContext ) initialContext.lookup( "" );
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/RootDSETest.java Sun Dec 5 22:30:20 2004
@@ -88,7 +88,7 @@
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
env.put( EveContextFactory.SHUTDOWN_OP_ENV, "" );
env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
- env.put( Context.SECURITY_CREDENTIALS, "testing" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
try { new InitialContext( env ); } catch( Exception e ) {}
}
@@ -104,6 +104,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
@@ -121,6 +123,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
@@ -141,6 +145,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
@@ -164,6 +170,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
@@ -196,6 +204,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
@@ -228,6 +238,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
@@ -262,6 +274,8 @@
Hashtable env = new Hashtable();
env.put( EveContextFactory.WKDIR_ENV, "target/eve" );
env.put( Context.PROVIDER_URL, "" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.INITIAL_CONTEXT_FACTORY, EveContextFactory.class.getName() );
InitialContext initCtx = new InitialContext( env );
assertNotNull( initCtx );
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ShutdownTest.java Sun Dec 5 22:30:20 2004
@@ -44,7 +44,7 @@
try
{
- setSysRoot( "uid=admin,ou=system", "testing" );
+ setSysRoot( "uid=admin,ou=system", "secret" );
}
finally
{
@@ -66,7 +66,7 @@
try
{
- setSysRoot( "uid=admin,ou=system", "testing" );
+ setSysRoot( "uid=admin,ou=system", "secret" );
}
finally
{
@@ -76,6 +76,6 @@
assertNotNull( sysRoot );
// restart the system now
- setSysRoot( "uid=admin,ou=system", "testing" );
+ setSysRoot( "uid=admin,ou=system", "secret" );
}
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java Sun Dec 5 22:30:20 2004
@@ -18,10 +18,11 @@
import java.io.File;
-import java.io.IOException;
import java.util.Hashtable;
import javax.naming.directory.DirContext;
import javax.naming.directory.Attributes;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.Attribute;
import javax.naming.*;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.InitialLdapContext;
@@ -42,10 +43,8 @@
{
/**
* Cleans up old database files on creation.
- *
- * @throws IOException if we can't clean the files
*/
- public SimpleAuthenticationTest() throws IOException
+ public SimpleAuthenticationTest()
{
doDelete( new File( "target" + File.separator + "eve" ) );
}
@@ -58,11 +57,9 @@
* <li>sets doDelete to false for test1AdminAccountCreation</li>
* <li>sets doDelete to false for test2AccountExistsOnRestart</li>
* <li>sets doDelete to true for all other cases</li>
- * <li>bypasses normal setup for test3BuildDbNoNothing</li>
* <li>bypasses normal setup for test5BuildDbNoPassWithPrincAuthNone</li>
* <li>bypasses normal setup for test4BuildDbNoPassNoPrincAuthNone</li>
* <li>bypasses normal setup for test6BuildDbNoPassNotAdminPrinc</li>
- * <li>bypasses normal setup for test7BuildDbNoPassNoPrincAuthNoneAnonOff</li>
* </ul>
*
* @throws Exception
@@ -79,10 +76,8 @@
super.doDelete = true;
}
- if ( getName().equals( "test3BuildDbNoNothing" ) ||
- getName().equals( "test5BuildDbNoPassWithPrincAuthNone" ) ||
+ if ( getName().equals( "test5BuildDbNoPassWithPrincAuthNone" ) ||
getName().equals( "test6BuildDbNoPassNotAdminPrinc" ) ||
- getName().equals( "test7BuildDbNoPassNoPrincAuthNoneAnonOff" ) ||
getName().equals( "test4BuildDbNoPassNoPrincAuthNone" ) )
{
return;
@@ -118,7 +113,7 @@
DirContext ctx = ( DirContext ) sysRoot.lookup( "uid=admin" );
Attributes attrs = ctx.getAttributes( "" );
performAdminAccountChecks( attrs );
- assertTrue( attrs.get( "userPassword" ).contains( "testing" ) );
+ assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), "secret".getBytes() ));
}
@@ -133,38 +128,40 @@
Attributes attrs = ctx.getAttributes( "" );
performAdminAccountChecks( attrs );
- assertTrue( attrs.get( "userPassword" ).contains( "testing" ) );
+ assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), "secret".getBytes() ));
}
- /**
- * Checks that we can give basically the minimal set of properties without
- * any security information to build and bootstrap a new system. The admin
- * user is presumed and no password is set. The admin password defaults to
- * the empty byte array.
- *
- * @throws Exception if there are problems
- */
- public void test3BuildDbNoNothing() throws Exception
+ public void test3UseAkarasulu() throws NamingException
{
- // clean out the database
- doDelete( new File( "target" + File.separator + "eve" ) );
- LdapContext ctx = setSysRoot( new Hashtable() );
- Attributes attributes = ctx.getAttributes( "uid=admin" );
- assertNotNull( attributes );
-
- // Eve has started now so we access another context w/o the wkdir
+ // now go in as anonymous user and we should be rejected
Hashtable env = new Hashtable();
env.put( Context.PROVIDER_URL, "ou=system" );
+ env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );
+ env.put( Context.SECURITY_CREDENTIALS, "test" );
+ env.put( Context.SECURITY_AUTHENTICATION, "simple" );
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
- InitialContext initial = new InitialContext( env );
- ctx = ( LdapContext ) initial.lookup( "uid=admin" );
- assertNotNull( ctx );
- attributes = ctx.getAttributes( "" );
- assertNotNull( attributes );
-
- performAdminAccountChecks( attributes );
- assertTrue( attributes.get( "userPassword" ).contains( ArrayUtils.EMPTY_BYTE_ARRAY ) );
+ InitialDirContext ic = new InitialDirContext( env );
+ Attributes attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
+ Attribute ou = attrs.get( "ou" );
+ assertTrue( ou.contains( "Engineering" ) );
+ assertTrue( ou.contains( "People" ) );
+
+ Attribute objectClass = attrs.get( "objectClass" );
+ assertTrue( objectClass.contains( "top" ) );
+ assertTrue( objectClass.contains( "person" ) );
+ assertTrue( objectClass.contains( "organizationalPerson" ) );
+ assertTrue( objectClass.contains( "inetOrgPerson" ) );
+
+ assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
+ assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
+ assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
+ assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
+ assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
+ assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
+ assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
+ assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) );
+ assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
}
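Review bot: The opening comment in `test3UseAkarasulu`, `// now go in as anonymous user and we should be rejected`, is left over from the removed test and says the opposite of what the method does, which is bind as `uid=akarasulu,ou=users,ou=system` with simple authentication and expect the read to succeed. Replace it with something like `// bind as a regular (non-admin) user and read our own entry`, and give the method a Javadoc sentence since the old one was deleted. The test covers only the success path; a companion case asserting that a wrong password for the same DN raises an authentication exception would pin the behaviour this commit introduces.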
@@ -281,40 +278,6 @@
/**
- * Tests to make sure we throw an error when Context.SECURITY_AUTHENTICATION
- * is set to "none" when trying to get a context from an already
- * bootstrapped system when anonymous users are not turned on.
- *
- * @throws Exception if anything goes wrong
- */
- public void test7BuildDbNoPassNoPrincAuthNoneAnonOff() throws Exception
- {
- // clean out the database
- tearDown();
- doDelete( new File( "target" + File.separator + "eve" ) );
-
- // ok this should start up the system now as admin
- InitialLdapContext ctx = ( InitialLdapContext ) setSysRoot( new Hashtable() );
- assertNotNull( ctx );
-
- // now go in as anonymous user and we should be rejected
- Hashtable env = new Hashtable();
- env.put( Context.PROVIDER_URL, "ou=system" );
- env.put( Context.SECURITY_AUTHENTICATION, "none" );
- env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
-
- try
- {
- new InitialContext( env );
- fail( "should never get here due to an exception" );
- }
- catch ( NoPermissionException e )
- {
- }
- }
-
-
- /**
* Tests to make sure we can authenticate after the database has already
* been build as the admin user when simple authentication is in effect.
*
@@ -326,7 +289,7 @@
Hashtable env = new Hashtable();
env.put( Context.PROVIDER_URL, "ou=system" );
env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
- env.put( Context.SECURITY_CREDENTIALS, "testing" );
+ env.put( Context.SECURITY_CREDENTIALS, "secret" );
env.put( Context.SECURITY_AUTHENTICATION, "simple" );
env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.eve.jndi.EveContextFactory" );
assertNotNull( new InitialContext( env ) );
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java
Url: http://svn.apache.org/viewcvs/incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java?view=diff&rev=109953&p1=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java&r1=109952&p2=incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java&r2=109953
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SyncTest.java Sun Dec 5 22:30:20 2004
@@ -37,7 +37,7 @@
public void testSyncNoException() throws Exception
{
overrides.put( EveContextFactory.SYNC_OP_ENV, "true" );
- sysRoot = setSysRoot( "uid=admin,ou=system", "testing" );
+ sysRoot = setSysRoot( "uid=admin,ou=system", "secret" );
assertNotNull( sysRoot );
}
@@ -51,7 +51,7 @@
public void testPostSyncLookup() throws Exception
{
overrides.put( EveContextFactory.SYNC_OP_ENV, "true" );
- sysRoot = setSysRoot( "uid=admin,ou=system", "testing" );
+ sysRoot = setSysRoot( "uid=admin,ou=system", "secret" );
Attributes users = sysRoot.getAttributes( "ou=users" );
// assert making sure the entry is ok